IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Rational ClearQuest (CVE-2016-3092)

Medium Severity

IBM Rational ClearQuest is vulnerable to an Apache Commons FileUpload vulnerability. CVE(s): CVE-2016-3092 Affected product(s) and affected version(s): Rational ClearQuest 7.1.x (all versions), 8.0 through 8.0.0.19, 8.0.1 through 8.0.1.12, and 9.0 through 9.0.0.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21993816 X-Force Database: http://exchange.xforce.ibmcloud.com/vulnerabilities/114336 ...


IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-4003)

Medium Severity

An Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18. An upgrade to Apache Struts version 2.3.28.1 was performed. CVE(s): CVE-2016-4003 Affected product(s) and affected version(s): IBM Social Media Analytics 1.3. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21994399 X-Force Database: ...


IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Fabric Manager (CVE-2016-2183)

Low Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Fabric Manager. IBM Fabric Manager has addressed the applicable CVE. CVE(s): CVE-2016-2183 Affected product(s) and affected version(s): IBM Fabric Manager 4.1. Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Vulnerability in pConsole impacts AIX (CVE-2016-0266)

Low Severity

pConsole on AIX does not support TLS 1.2. CVE(s): CVE-2016-0266 Affected product(s) and affected version(s): AIX 6.1, 7.1 The following fileset levels are vulnerable:

key_fileset = aix

Fileset                 Lower Level  Upper Level  KEY
---------------------------------------------------------
sysmgt.pconsole.rte     6.1.9.0      6.1.9.100    key_w_fs
sysmgt.pconsole.rte     7.1.3.0      7.1.3.x      key_w_fs
sysmgt.pconsole.rte     7.1.4.0      7.1.4.0      key_w_fs

Note: To find out whether the affected filesets are ...


IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983)

High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server Liberty. There is a potential code execution vulnerability in WebSphere ...


IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-2775, CVE-2016-2776, CVE-2016-8864 and CVE-2016-6170)

High Severity

ISC BIND is affected by several security vulnerabilities. IBM i has addressed these vulnerabilities. CVE(s): CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864 Affected product(s) and affected version(s): Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021750 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115477 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117246 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114759 X-Force ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2180, CVE-2016-2182, CVE-2016-6306)

High Severity

OpenSSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. CVE(s): CVE-2016-2180, CVE-2016-2182, CVE-2016-6306 Affected product(s) and affected version(s): Power HMC V7.9.0.0, Power HMC V8.2.0.0, Power HMC V8.3.0.0, Power HMC V8.4.0.0, Power HMC V8.5.0.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021733 X-Force Database: ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 – HTTPS support for Perl Collector

High Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4. IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 has addressed the applicable CVEs. CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183, ...


IBM Security Bulletin: Vulnerabilities in DHCP affect Power Hardware Management Console (CVE-2015-8605 and CVE-2016-2774)

Medium Severity

DHCP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. CVE(s): CVE-2015-8605, CVE-2016-2774 Affected product(s) and affected version(s): Power HMC V7.7.9.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1021703 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109586 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111319 ...